Overview of spam from Middleton

7 Jun 2012

Note: Automated spam monitoring stopped several years ago. These web pages are maintained for historical reasons. Some may be updated from time to time as news about the individual sites becomes available.

No spam today

Overview of last 7 reports

datepoststotalBI
22 Nov 1999 51318113.76full headers
03 Nov 1999 787878.00full headers
01 Nov 1999 606060.00full headers
29 Oct 1999 606060.00full headers
22 Oct 1999 303030.00full headers
20 Oct 1999 139139139.00
18 Oct 1999 454545.00

Overview of history

poststotalBI
Total spam since 18 Oct 1999463730 525.76
Peak spam on 20 Oct 1999139139 139.00
Peak daily spam on 20 Oct 19996969 69.50(2-day average)
Average daily spam11.919.6 13.74

full history also available

General information about Middleton

Added 25 Mar 1999. Spam from Matt Middleton has been documented back to 1996. Middleton receives internet connectivity from Verio. Verio no longer permits Middleton to spam from Verio servers, but they still provide internet connectivity.

Matt Middleton (aka Empire Communications) is a porn spammer who uses a variety of methods to hide spam. Techniques include, but are not limited to:

A timeline of Middleton's activities can be found at Matt Middleton -- Andrew Vilcauscas timeline

Due to the extensive use of Javascript, it is very important that you disable Javascript before viewing any articles posted by Middleton. In general, Javascript should always be disabled when reading netnews.

Such extensive forgery and stealth techniques make it very difficult to track Middleton spam. Numbers shown here and in other reports usually reflect only a small portion of the actual total. For a good overview of Middleton forgery techniques, see netnews article "Middleton Forgeries from IDT.NET, at a Glance".

Current path forgery looks like this: 

  Path: ...!chi.uu.net!sea.uu.net!dfw.uu.net!ffx.uu.net!in5.uu.net!
1	news.wans.net!
2	lotsanews.com!newstank.sol.net!dsrs.nntp.sol.net!
	colby.direct.ca!newsfeed.direct.ca!news.connectnet.com!
	newsfeed.slurp.net!ihotnews.ihot.com!nntp2.cerf.net
Key:

1 Actual point of injection is news.wans.net.
2 Remainder of path is forged in order to hide the origin of the spam or to prevent the spam from being seen by spam-cancellers, or both.

Middleton owns or is associated with the following spam sites and aliases:

Ownership & Contact Info

Whois identifies Middleton as 
Middleton, M (MM3141)           doc@EMPIRE2.COM
   AM Ent., Inc.
   921 SW Wahington, St.
   Portland, Or 97205
   503.241.1091 (FAX) 503.241.1198

   Record last updated on 01-Sep-98.
   Database last updated on 24-Mar-99 19:08:36 EST.

Site history

NetNews Feeds

middleton receives netnews feeds from the following sites that I know of:

Sample Spam

Included below are some sample spams from Middleton. The base-64 encoding has been decoded and the embedded HTML codes have been quoted. Path: newsfeed2.uswest.net!news-out.uswest.net!newsfeed1.uswest.net! newsfeed.cwix.com!209.208.190.2!news.globix.net!news.idt.net! nntp.farm.idt.net!extra.newsguy.com!lotsanews.com!newsfeed.direct.ca! news.connectnet.com!nntp2.cerf.net!newsfeed.slurp.net! wilbur.ohww.norman.ok.us From: rezende <chelbea@aaual.ualg.pt> Newsgroups: alt.binaries.pictures.supermodels Subject: "Paddle, Crop, Cane and Tawse- *not* a law firm" Date: Wed, 07 Apr 1999 20:13:48 GMT Organization: x Lines: 31 Message-ID: <7ege9s$abq$9699@ip118.boanxr5.ras.tele.dk> NNTP-Posting-Host: ip196.an17-new-york4.ny.pub-ip.psi.net Mime-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: inline Content-Length: 1875 <!-- r96vnse2znsyt8h1zt74w41mbedbce24o8zc1ee026ywfgxe95j5akslz5xckzg88gk9vzax69tlpr0zwj463ws --> <!-- 2pfmpwvxdg78fh6lqz7gr7foqkuuhnxjdd62a1znh7vxo2if2pvtwb --> <base href="http://207.240.104.21/v/valea/images/"> <form method=post atag="#5rtkzoslg96zpu288" action="mailto:bucket69@usa.net?SUBJECT=Signup" atag="#kkcni2rp0" enctype="text/plain"> <center><!-- nvciczgwdt3f34frmmmjbp2qrrmlox2csfu5fa2s4587anyxalhlbjc2byn0vqcn57tkhvdl1l --> <table atag="#j2sotl8ta1fqblq0f" cellspacing=0 cellpadding=0 border=0 width=468><tr><!-- b9s9jeq4p9gslegla6yxc5rxnma8nv2z4v8o9ytz89rto7fyedwqinn5axeythyyc7ml5flepc7ekndy0aojybo8937 --><td align="right" colspan=2> <img atag="#9o9t8lhro8go40r" src="slmbox_203_top.gif" width=468 height=51 border=0><tr><!-- k51wcoii33xtg470skysvnbtz02939cofdls23a577znc6o4rnxmb8 --><td align="left" valign="top" width=227 bgcolor="#000000"> <input atag="#oljxetytk9eaau3jic" type=text name="email" size=27 maxlength=50><!-- a9hjcrv169mybp9hxhglun9zexw185hjez2rrysx8ewk4622oini6xhluem3j4ny3ppuoisx --><td align="right" valign="top" bgcolor="#000000"> <input atag="#qxuim2z" type=image src="slmbox_203_right.gif" width=241 height=26 border=0><!-- ph2wj4k2r38pktjzgnikahn07ippbmm04pwnthqlkya5su48hnss4gtczi1a5ob9d8x7pnsam2ffwkne8f7dw0pvjq6ofhxs --></table> </center><!-- vzfjrp6u5lrp85xodakdzgwqmk53iytex8xpy4k3pbsyhqmu1771o4rapwe7u8mshkifo2jdecbv2yq36x4u2 --></form> This example contains Javascript which causes a new browser window to pop up, pointing to the spammer's web site, based at Icix.net. Path: su-news-hub1.bbnplanet.com!news.gtei.net!newsfeed.berkeley.edu! newsfeed.cwix.com!209.208.190.2!news.globix.net!news.idt.net! nntp.farm.idt.net!extra.newsguy.com!lotsanews.com!newsfeed.direct.ca! news.connectnet.com!nntp2.cerf.net!newsfeed.slurp.net! wilbur.ohww.norman.ok.us From: kaliah mc masters <kaliah@p29.f7.n5008.z2.ftn> Newsgroups: alt.sex.fetish.feet Subject: ABPEB - Aa0739j.jpg - Fills for Kinky (Last of aa-j) - Thanks for FServe 6224 bytes Date: Wed, 07 Apr 1999 20:51:54 GMT Organization: ateiv Lines: 71 Message-ID: <7eggha$gbm$44365@stephane> NNTP-Posting-Host: ip173.santa-ana7.ca.pub-ip.psi.net "Will you do anything we tell you to...no questions asked...no matter how vulgar or dirty?" I suddenly realized that this was probably a sexual proposition. So, they were into a little master/slave play? A little S&M perhaps? I was definitely game. "Yes, I will," I asserted. "Okay," said the fat one, "my name is Gina, my friend here is Susan. We would like to have a servant to abuse - both physically and verbally - tomorrow when we go to Black's Beach. You'll do. We're not going to let you get your rocks off - your duty will be to do exactly what we tell you to do...and we're going to make you do some pretty nasty, vulgar things...all for our enjoyment. We're going to screw you - like you want to screw us - maybe with a chrome toy, or maybe we'll find some gay guy and tell him he can screw you while we watch. At any rate, you're not to speak at all, and you must do everything we tell you to. Is that clear?" Listening to her talk, my sausage had grown to it's full six inches. The bulge in my suit would surely have been visible to everyone else <!-- zqd62ydeczar1jmyta834mm0qmoc8m07deefcrtor4fto1rhc0 --> <!-- kgm7gct4p2rpa43pkfgd48ik16mtnyt8fgfvt90ibr7lwbagrr --> <body atag="#j46ocu" onLoad="window.open('http://3504240994/cgi-bin/track/0474/3')"><!-- uv0cf2i1v50pef5tbz2bhe3pz00agr2bm2n24640c4qqjwjvvl --> <img atag="#" src="http://3459962440/count/2310402.55.1"></body></html><!-- 7czb1zb1astc3gfrjkxnl9sb0c8j735ef5ph51jftcsxt8pctn --> <!-- zexrqx3ygb1mphrfywgicav48ody06l0kjsbgwax7cjxtacs7t -->

Another example (25 Mar 1999). As you can see, when this gibberish news article is read using a Javascript-enabled browser, a new window is opened, displaying web page "http://3459963407/#07d". Using Sam Spade, we see that this translates to "http://206.58.218.15/#07d", and that this URL is the site "happytime.com", owned by Middleton.

(Note that happytime.com has changed ownership since 1999 and is no longer connected to Middleton.)

From: WAKLEE <tannyr@interpath.com> Newsgroups: alt.binaries.pictures.supermodels Subject: ¨¨°şİoż,,żoİş°¨¨°şİ #celeb_central on IRC; the Undernet İş°¨¨°şİoż,,żoİş° - cameron02.jpg(1/1) 2454 bytes Date: Thu, 25 Mar 1999 19:02:28 GMT Organization: dwa8l Lines: 67 Message-ID: <7de184$rrh$24389@cwixmail.com> NNTP-Posting-Host: ip50a.richmond6.va.pub-ip.psi.net Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_922379034-12851-4" Path: nntp.primenet.com!news-peer.gip.net!news.gsl.net!gip.net! news.idt.net!nntp.farm.idt.net!extra.newsguy.com!lotsanews.com! newsfeed.direct.ca!newsfeed.slurp.net!wilbur.ohww.norman.ok.us This is a multi-part message in MIME format... ------------=_922379034-12851-4 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Length: 1035 really grunting and graoning. I could tell from the fire and lust in Rick's eyes that Jeff was really getting him off and was almost ready to shoot his load. I sucked harder on Jeff's sausage, wanting him to snice his load while getting a load of cowboy cream snice down his throat. Soon Rick grunted and held Jeff's head steady in his hands and began feeding him his load. Jeff's sausage twinged wildly. His balls tightened. Jeff began shoot and fill my mouth. I took his sausage and held it in my mouth, letting the spew overflow into my mouth. I took and held every drop in my mouth. As soon as Jeff was done shooting and Rick had pulled away, I moved and put my mouth up to Jeff's and let him taste himself, kissing his nice lips and filling his mouth with his spew and letting his spew mingle in with the remaining spew in his mouth from Rick's load. Rick had gone over and was touching Steve. He touched Steve's sides and stroked him, much like a cowboy would stroke and pet his horse after a long ------------=_922379034-12851-4 Content-Type: text/html Content-Disposition: inline <!-- mtgiy6tn67k22phgyvd93y8tzbff2qrok87ie05l8qobf6re14n53wy27ei959ypi57 --> <!-- 6die37qjdhxemlkqhitpxbz2kxr33z0acjpgqfz3xxiji2a0l3pieokzmc2pb20nlp4b43e11wljzvjkz92dxndkzfabiay --> <body atag="#v8tow" onLoad="window.open('http://3459963407/#07d')"> <!-- z3f46u57rrrqnbbmkdzi1c20scbanaemdtqkowsfnk6avhwfuwxw90x --> <img atag="#pa" src="http://3459962439/count/2219742.55.1"><!-- d8b0jpnxjei7bbnzvt9qa655331c3ydh7pirf5pzk77viuudo44 --> <!-- b94ed6rh54ycug4amt961g2kbxyz12ydc3rp9j6en4rilvs7p2erjhbue9ugctuowmd55jktobba74ix6wope0ktaeam74a3qo --> Ŭßżtߍvóx Newsgroups: alt.sex.stories Organization: a Subject: SDC Serie - join us on DalNet #sdc - sdc_0296_hollyherckis_har.jpg(1/1) 14086 bytes From: raeann oscelus <oscelus@planet.de> Message-ID: <rn7c81.e1l.63188@cathy.ijs.si> Date: Fri, 25 Jun 1999 16:40:34 GMT NNTP-Posting-Host: 1cust91.tnt1.rdu1.da.uu.net X-Trace: 25 Jun 1999 12:45:13 -0500, 1cust91.tnt1.rdu1.da.uu.net Lines: 69 Path: news-out.uswest.net!uunet!chi.uu.net!nyc.uu.net!ffx.uu.net! in5.uu.net!defiant.btitelecom.net!lotsanews.com!newstank.sol.net! dsrs.nntp.sol.net!colby.direct.ca!newsfeed.direct.ca! news.connectnet.com!newsfeed.slurp.net!ihotnews.ihot.com! nntp2.cerf.net my jeans and allowed them to hang loosely from my hips. The top of my boxers were plainly visible through the V that my open jeans made, as was the growing bulge that my erection was making against the front. I moved the flat of my palm down my lower torso, past the elastic waistband on my shorts, through my curly pubic hair and to the base of my rapidly swelling shaft. My sausage was angled downwards slightly and had been pressing outwards against my jeans. With sweep, I brought it around so that it was now pointing upwards. Rearranging the fabric of my shorts, I pulled the engorged length through the slit in front. My sausage was now free and exposed ... and standing at full attention. I wrapped my hand fully around the shaft and give myself couple of long, slow, exaggerated strokes. Umm...yes! My jeans had fallen off my waist and I stepped out of them. As I did so I turned to the side. In the reflection in the mirror I saw the outline of my trim body ... and the form of my rigid penis, which I was grasping firmly, proudly. And you were in the mirror too, sitting in the rocking chair. Watching. Umm... You *do* like to watch donUt you! I pulled down my shorts and was now gloriously naked. It had gotten dark in my room, so I lit several candles and climbed on to my bed, on the side begin 644 nrlm9.htm M/"$M+2!M:#ET9FEQ;#9I=C-D;69F:W%G;WAF<3AT=W9S<7=N9&1X-G-F=V1L M9CEO<W8T.&=U;R`M+3X*/"$M+2`T<S1U,'AQ=W%H<V1U-F$Q>7%X8V-C;3$U M:#5D>#`R,G0V=W4T;G%U-&HW>G!I,&\Y>2`M+3X*/&)O9'D@871A9STB(V=J M;S@V:FLP(B!O;DQO860](G=I;F1O=RYO<&5N*"=H='1P.B\O,S4P-C8S-34T M-R]!0D,O)RDB/CPA+2T@,&QB;FUH-'-V,G1X-6TT,6<X<#<S=7%B=&=T=30S M<S5P-'-C;'@U9S!Y935L:C<R<G<@+2T^"CPA+2T@.79R,#9L9S!F;#,X<G-C H:C5X:&%E:#AS;75B=7<S<C9Y:38T,VXT:CDX<C`P-&LU,C$@+2T^"@`` end Here is the earliest example in my files: Path: netcom.com!www.nntp.primenet.com!nntp.primenet.com! newspump.sol.net!howland.erols.net!newsfeed.internetmci.com!xmission! news.empire2.com!news@empire2.com From: Lillith (Lillith) Newsgroups: alt.sex.first-time,alt.sex.gangbang,alt.sex.girls, alt.sex.homosexual,alt.sex.marketplace,alt.sex.masterbation, alt.sex.masturbation,alt.sex.pictures,alt.sex.pictures.female, alt.sex.pictures.male,alt.sex.prostitution,alt.sex.services, alt.sex.spanking,alt.sex.stories.bondage,alt.sex.stories.d, alt.sex.stories.gay,alt.sex.stories.hetero,alt.sex.stories.incest, alt.sex.strip-clubs,alt.sex.swingers,alt.sex.voyeurism, alt.binaires.pictures.erotica.teen Subject: I FOUND THE BEST IN HARDCORE XXX Date: 30 Dec 1996 19:19:42 GMT Organization: News Server Lines: 13 Message-ID: <5a94ke$1t13@news.empire2.com> NNTP-Posting-Host: matt.empire2.com Mime-Version: 1.0 Content-Type: Text/Plain; charset=US-ASCII X-Newsreader: WinVN 0.99.8 (beta 2) If your looking for a GREAT SELECTION OF HARDCORE XXX pics and Movies, I found the PLACE for you! They have the largest selection of XXX HARDCORE pics and MOVIES I have found anywhere! They also have great XXX HOT CHAT and a FREE XXX SECTION for anyone that wants the pics. Go check them out, you'll love it!! Look for me in the chat section, I love to talk nasty! Here is the address: http://www.happytime.com/ Lillith...

There is no contact info for Middleton. Try postmaster

A complete history may also be available.

General notes:

Return to top | Return to spam summaries | complete history

The opinions expressed on this page are solely those of Ed Falk and do not necessarily represent those of any other organization, (although I hope they do). I wish to thank Rahul.net for hosting this web page.

This page maintained by Ed Falk